This action might not be possible to undo. Are you sure you want to continue?
• Describe the types of information that must be kept secure and the types of threats against them • Describe five methods of keeping a PC safe and secure • Discuss the threats and defenses unique to multiuser networks • Discuss the threats and defenses unique to wireless networks • Describe the threats posed by hackers, viruses, spyware, frauds, and scams, and the methods of defending against them
Succeeding with Technology, Third Edition 2
• • • • • Information Security and Vulnerability Machine-Level Security Network Security Wireless Network Security Internet Security
Succeeding with Technology, Third Edition
availability Succeeding with Technology. and the Internet is the battlefield • Many types of attacks can be made on computer systems – Viruses – Identity theft – Theft of personal information – Unauthorized use of your computer • Information security involves – Confidentiality.Information Security • Corporate and government networks are under attack. integrity. Third Edition 4 .
Information Security Succeeding with Technology. Third Edition 5 .
Third Edition 6 .Information Security Succeeding with Technology.
Third Edition 7 .Information security • Total information security – Securing all components of the global digital information infrastructure • • • • • Cell phones PCs Government and business networks Internet routers Communications satellites Succeeding with Technology.
including • Copyrights: protects words. movies.Information Security and Vulnerability • Identity theft – The criminal act of using stolen information about a person to assume that person’s identity • Intellectual property – Product of the mind or intellect over which the owner holds legal entitlement – can take many forms. Third Edition 8 . music. music. data. and information Succeeding with Technology. and other expressions for the life of the owner plus 70 years • Trademarks • Trade secrets: protects secrets or proprietary information of individuals and organizations as long as this item is adequately protected • Patents: protects an invention by giving the holder a monopoly on the use of the invention for 20 years after it has been applied • Intellectual property rights – Ownership and use of intellectual property such as software.
Third Edition 9 .Information Security and Vulnerability • Organizational information – Compromised information can lead to • Loss of market share • Business failure • Business intelligence – Process of gathering information in the pursuit of business advantage • Competitive intelligence – Concerned with information about competitors • Counterintelligence – Concerned with protecting your own information from access by your competitors Succeeding with Technology.
Information Security and Vulnerability • Businesses are targets of most attacks (most to least) – – – – – – – – – – – – Virus Insider abuse of Internet access Laptop theft Unauthorized access by insiders Denial-of-service attacks System penetration Theft of property information Sabotage Financial fraud Telecommunications fraud Eavesdropping Active wiretap Succeeding with Technology. Third Edition 10 .
Third Edition 11 .National and Global Security • Cyberterrorism – Uses attacks over the Internet to intimidate or harm a population • United States Computer Emergency Readiness Team (US-CERT) – Monitors the security of US networks and the Internet – Responds to attacks • National Strategy to Secure Cyberspace – Prevent cyberattacks against US infrastructure – Reduce national vulnerability to cyberattack – Minimize damage and recovery time Succeeding with Technology.
Third Edition 12 .Threats to Information Security: Software and Network Vulnerabilities • Security vulnerabilities or security holes – Software bugs that allow violations of information security • Software patches – Corrections to software bugs that cause security holes Succeeding with Technology.
Third Edition 13 .Threats to Information Security: User Negligence Succeeding with Technology.
by claiming it as your own Succeeding with Technology. typically a written idea. and distribution of digital intellectual property such as software. music. use. and movies • Plagiarism – Taking credit for someone else’s intellectual property.Threats to Information Security: Pirates and Plagiarists • Piracy – The illegal copying. Third Edition 14 .
Third Edition 15 .Threats to Information Security: Pirates and Plagiarists Succeeding with Technology.
Third Edition 16 .Threats to Information Security: Pirates and Plagiarists Succeeding with Technology.
intruders. unauthorized. Third Edition 17 . crackers. and attackers – an individual who subverts computer security without authorization • • • • White-hat hacker Black-hat hacker Gray-hat hacker Script kiddie • Computer forensics – Process of examining computer equipment to determine if it has been used for illegal. Intruders. Crackers.Threats to Information Security: Hackers. and Attackers • System penetration – Someone subverting the security of a system without authorization • Hackers. or unusual activities Succeeding with Technology.
Threats to Information Security: Hackers. Intruders. and Attackers Succeeding with Technology. Crackers. Third Edition 18 .
keys. – Something about you • Unique physical characteristics such as fingerprints Succeeding with Technology.Machine-Level Security • Common forms of authentication (weakest to strongest) – Something you know • Password or personal identification number (PIN) – Something you have • ID cards. badges. smartcards. Third Edition 19 .
Third Edition 20 .Machine-Level Security Succeeding with Technology.
you should change your passwords regularly Succeeding with Technology. Third Edition 21 .Passwords • Username – Identifies a user to the computer system • Password – A combination of characters known only to the user that is used for authentication • Strongest passwords – Minimum of eight characters in length – Do not include any known words or names • Besides choosing strong passwords.
Third Edition 22 .Passwords Succeeding with Technology.
Succeeding with Technology, Third Edition
ID Devices and Biometrics
– The science and technology of authentication by scanning and measuring a person’s unique physical features
• Facial pattern recognition
– Uses mathematical technique to measure the distances between 128 points on the face
• Retinal scanning
– Analyzes the pattern of blood vessels at the back of the eye
• Fingerprint scan
– Increasingly common method for access to secure areas, logging onto computers, and even validating credit
Succeeding with Technology, Third Edition 24
ID Devices and Biometrics
Succeeding with Technology, Third Edition
and decrypted as they are opened • Encryption and decryption – Tend to slow down computer slightly when opening and saving files Succeeding with Technology.Encrypting Stored Data • Encryption – Uses high-level mathematical functions and computer algorithms to encode data • Files – Can be encrypted “on the fly” as they are being saved. Third Edition 26 .
Third Edition 27 .Encrypting Stored Data Succeeding with Technology.
Third Edition 28 .Backing Up Data Systems • Common causes of data loss – Hardware failure – Human error – Software corruption – Viruses – Natural disasters • The only method that provides 100% protection against data loss is backing up Succeeding with Technology.
System Backup and Restore • Operating systems and security software provide ways to create rescue disks – A CD or floppy disk created while system is operational and backs up important system files • Systems Restore utility – System can be “taken back in time” to a point when the computer was not experiencing problems Succeeding with Technology. Third Edition 29 .
Third Edition 30 .System Backup and Restore Succeeding with Technology.
Backing up Data Files • Backup software typically provides the following options – Select the files and folders you wish to back up – Choose the location to store the archive file – Choose whether to back up all files (a full backup). orjust those that have changed since the last backup (an incremental backup) • Mirroring – Creating a copy of the system or a portion of it • Real-time mirroring – As files are saved. they are automatically updated in the mirrored copy Succeeding with Technology. Third Edition 31 .
Remote Data Backup • Internet-based backup services – Pay service which backs up your computer whenever it is connected to the Internet – Allows you to back up at a location away from your computer Succeeding with Technology. Third Edition 32 .
Third Edition 33 .Remote Data Backup Succeeding with Technology.
Systems Maintenance • System and Software updates – About 9% of data loss is caused by software corruption • Computer housecleaning – Deleting unneeded data files – Organizing the remaining data files logically into folders and subfolders – Emptying the recycle bin (Windows) or trash can (Mac) – Deleting unneeded saved e-mail messages – Cleaning out Web cookie and other temporary Web files – Uninstalling unneeded software – Reorganizing the desktop – Organizing Web browser favorites Succeeding with Technology. Third Edition 34 .
correcting incorrect or obsolete information – Backup the Registry before cleaning it Succeeding with Technology.System Maintenance • Defragmentation utility – Aligns files in adjacent clusters. Third Edition 35 . improving performance – Fragmentation: files on your hard drive are scattered about the disk • Windows cleaners – Scan the Windows Registry.
System Maintenance Succeeding with Technology. Third Edition 36 .
Third Edition 37 .Network Security • When a computer is connected to a network. risks increase Succeeding with Technology. security risks increase a hundredfold • Connecting to the Internet increases risks a million times • As long as there is a network connection.
Third Edition 38 .Multiuser System Considerations • Multiuser system – Multiple users share access to resources such as file systems • User permissions – The access privileges afforded to each network user • File ownership – Files and Folders on the system carry information that identifies their creator • Group ownership – Members of the group have access to system files or folders marked for group use • World ownership – Resources are set to be available to everyone on the network Succeeding with Technology.
Third Edition 39 .Multiuser System Considerations Succeeding with Technology.
Interior Threats • Threats from within a private network – Unintentional • Users make mistakes or exceed their authorization – Intentional • Registered users want to do harm or steal information Succeeding with Technology. Third Edition 40 .
Third Edition 41 .Threats to System Health and Stability • On most business networks – Users may not install software without authorization • Security at the cost of convenience – Some software is unstable and dangerous – Software from outside the system could contain • Viruses • Spyware Succeeding with Technology.
Third Edition 42 .Threats to System Health and Stability Succeeding with Technology.
databases. Third Edition 43 .Information Theft • Identity theft – Many instances of identity and information theft with the assistance of insiders with network access • Businesses are taking action against this – Restricting access to physical locations. systems – PCs with no external drives or USB ports – Analysts suggest banning iPods from the workplace Succeeding with Technology.
or contract • Defines acceptable and unacceptable uses of computer and network resources – Typically warn against using the network for illegal activities • Employers – Not legally responsible for notifying employees of network usage policies Succeeding with Technology. Third Edition 44 .Security and Usage Policies • Security and network usage policy – Document. agreement.
Security and Usage Policies Succeeding with Technology. Third Edition 45 .
even in McDonalds – Every Wi-Fi adapter has a unique MAC address that is usually printed on the adapter Succeeding with Technology. coffee shops.Wireless Network Security • Wireless networks – Provide wonderful convenience – Have security risks • Wi-Fi networks – The most popular wireless protocol – Are popping up in offices. on city streets. in airports. Third Edition 46 . homes.
are set to broadcast their presence • War driving – Driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks – No one has ever been convicted of war driving.Threats to Wireless Networks • Access point – Sends and receives signals to and from computers on the wireless local area network or WLAN – By default. but the legality is questionable Succeeding with Technology. Third Edition 47 .
Third Edition 48 .Threats to Wireless Networks Succeeding with Technology.
Securing a Wireless Network • Access points provide security settings for – Making the network invisible • Disable broadcast of the network ID. the SSID – Keeping unwanted computers off the network • Change the password used to connect to the access point • Set the access point to only allow certain computers to connect – Encrypting data • Wireless encryption protocols are used to prevent attackers from listening in on wireless communications Succeeding with Technology. Third Edition 49 .
Third Edition 50 .Securing a Wireless Network Succeeding with Technology.
Internet Security • When a computer is connected to the Internet it becomes a target to millions of various attacks • Computer’s IP address – Registered and known to others • Attacks against Internet-connected computers – Direct attacks – Viruses. or spyware Succeeding with Technology. worms. Third Edition 51 .
Hackers on the Internet • Methods of Attack – Key-logging – Packet-sniffing – Port-scanning – Social engineering: exploits the natural human tendency to trust others to acquire private information – Dumpster diving • Automated attacks – Viruses. spyware Succeeding with Technology. Third Edition 52 . worms.
Hackers on the Internet Succeeding with Technology. Third Edition 53 .
Motivation and Goals for Attacks • Common motivations – Hobby and challenge – Malicious vandalism – Gaining a platform for anonymous attacks • Distributed-denial-of-service attacks • Numerous computers used to make requests of a server in order to overwhelm it – Theft of information or services – Spying Succeeding with Technology. Third Edition 54 .
Defending Against Hackers • Firewall – Hardware or software that examines all incoming packets and filters out those which may be harmful • Encrypting confidential data Succeeding with Technology. Third Edition 55 .
Motivation and Goals for Attacks Succeeding with Technology. Third Edition 56 .
Third Edition 57 . install programs on the computer that can be harmful – Backdoor Trojans open ports on the computer for hacker access • Worm – Acts as a free agent. and delivers a destructive action called a payload • Trojan horses – Appear to be harmless programs – When they run.Viruses and Worms • Virus – Program that attaches itself to a file – Spreads to other files. replicating itself numerous times in an effort to overwhelm systems Succeeding with Technology.
Viruses and Worms Succeeding with Technology. Third Edition 58 .
Third Edition 59 .How Viruses and Worms Spread • Worms and viruses can infect your PC from many sources – – – – – P2P networks E-mail Web scripts Instant messaging Downloaded software or files • Worms and viruses generally attack Windows platforms. not UNIX/Linux or Mac – Theories • Hackers and virus authors hate Microsoft • Hackers and virus authors attack the dominant platform to do the most damage • Widows has more holes. making it easier to attack Succeeding with Technology.
How Viruses and Worms Spread Succeeding with Technology. Third Edition 60 .
Third Edition 61 .How Viruses and Worms Spread Succeeding with Technology.
Third Edition 62 .Defending Against Viruses and Worms • Antivirus software uses several techniques to: – Find viruses on a system – Remove them if possible – Keep additional viruses from infecting the system Succeeding with Technology.
Defending Against Viruses and Worms • Keys to protecting PCs – Don’t open e-mails or IM attachments unless they are expected and have been inspected by antivirus software – Keep up with software patches for your system – Use caution when exploring Web sites – Avoid software from untrusted sources – Stay away from file-sharing networks Succeeding with Technology. Third Edition 63 .
Defending Against Viruses and Worms Succeeding with Technology. Third Edition 64 .
allows the user to remove it. and provides continuing protection against future attacks Succeeding with Technology. Third Edition 65 . and Zombies • Spyware – Software installed on a computer without user’s knowledge – Monitors the user. Adware.Spyware. or gives control of the computer to an outside party • Zombie computer – Carries out actions (often malicious) under the remote control of a hacker either directly or through spyware or a virus – Join together into zombie networks • Antispyware – Software that searches a computer for spyware and other software that may violate a user’s privacy.
Spam. and Hoaxes • Internet fraud – Deliberately deceiving a person over the Internet in order to damage them and to unjustly obtain property or services from the victim • Phishing scam – Combines both spoofed e-mail and a spoofed Web site in order to trick a person into providing private information • Spear phishing – Private information is used to target a specific person • Pharming – Domain name service server is hijacked and automatically redirects users to spoofed sites in order to steal information Succeeding with Technology.Scams. Fraud. Third Edition 66 .
Third Edition 67 . Spam. Fraud. and Hoaxes Succeeding with Technology.Scams.
Third Edition 68 . Fraud. and Hoaxes • Spam – Unsolicited junk mail that makes up more than 60% of today’s e-mail • Laws have not had much effect • Spammers often partner with hackers – Well protected behind zombie networks and virusinfected computers Succeeding with Technology.Scams. Spam.
Third Edition 69 .Scams. Spam. Fraud. and Hoaxes Succeeding with Technology.
Fraud. Third Edition 70 .Scams. and Hoaxes • Spam solutions – Bayesian filters – Simple authentication software – “Trusted sender” technology – Reputation systems – Interfaces for client-side tools to allow end users to report spam Succeeding with Technology. Spam.
and Hoaxes • Virus hoaxes – E-mail that warns of a virus that doesn’t exist • In some cases. important system file – Deleting such a file may make your computer unusable Succeeding with Technology.Scams. Spam. just a nuisance. Fraud. but they can cause great harm in other cases – Hoax may ask you to delete a “virus” file that is actually an uninfected. Third Edition 71 .
Scams. Fraud. Third Edition 72 . fraud. and Hoaxes • Defending against scams. spam. Spam. and hoaxes – Awareness and common sense – Do not click links sent by e-mail • Type URLs directly into the browser – Examine Web addresses to make sure they are legitimate – Do not believe virus alerts sent through e-mail unless they come from a reputable source – Use spam filters Succeeding with Technology.
Third Edition 73 . Fraud.Scams. and Hoaxes Succeeding with Technology. Spam.
computer networks.Summary • Total information security – Securing all components of the global digital information infrastructure • Fundamental security implemented at – The individual machine level – The point of entry to computers. and the Internet Succeeding with Technology. Third Edition 74 .
Summary • When a computer is connected to a network – Security risks increase • With wireless technologies – Attacker no longer has to establish a wired connection to a network • Attacks against Internet-connected computers may come in the form of: – Direct attacks by hackers (system penetration) – Through viruses. or spyware – Frauds and scams Succeeding with Technology. worms. Third Edition 75 .